By Bradley Merrill Thompson
As I said in the prior post, this series is for two types of companies: (1) those that are merely dipping their toes into mHealth because they’re afraid of the water, and (2) those that are diving right in head first with no idea how deep the water is. Both types of companies might be making mistakes, either by letting good opportunities go by or by incurring undue regulatory risk. I’d like to convince both types to be more measured and informed in their approach to mHealth.
In the first post, I laid out all the nasty stuff that can happen if you enter mHealth and your app or your hardware ends up FDA regulated, but you don’t comply. That post was ugly, but it had to be done, because it laid the groundwork for this post. Now I’d like to share the good news that there is plenty you can do to mitigate your risk of FDA enforcement. As usual, I think in lists. The following is my checklist.
1. Check your attitude. I’ve been doing this for almost 30 years now, and I can generally tell which companies will succeed and which will fail when it comes to FDA compliance. There is one very clear hallmark of the companies that succeed—in their attitude they are able to embrace the FDA and put patient safety first. If you can do that, you’ve won easily half the battle. It sounds almost silly, but it goes to the very DNA of the organization. If the organization views FDA as a stakeholder that needs to be kept happy, they will organize their business partly around pleasing that stakeholder, in addition to customers, shareholders, employees and others. These companies make it part of their mission to learn the rules and play by them. If you can’t do that, my advice is simple. Stay out of this space.
2. It’s all about intended use. In prior posts, I’ve tried to explain the concept of intended use. As you might recall, intended use is the manufacturer’s objective intent with regard to how its customers will use its product. This concept is the linchpin of FDA regulation. It determines everything, including (1) whether or not FDA regulates your product, and (2) if it’s regulated, to what level. Intended use is therefore by far the single biggest determinant of regulatory risk, and companies that figure that out put in place robust systems for managing the intended use of their products. That means they carefully manage how they promote the products and what design features they add. They tightly control all of the things which ultimately determine the company’s intended use for their product, so that it stays exactly where they wanted it to stay.
3. Aim as low as you can. To reduce regulatory risk, focus on the lowest risk conditions and the least claims you can make. The risk associated with the health conditions you target partly determines the regulatory category (it’s an element of the intended use), and the claims you make about your product need to be proven to FDA’s satisfaction. So I say, aim as low as you can. I can almost hear the marketing people screaming. Okay, I get it — you need to be bold in business to make money. So what I’m really saying is pick a happy medium between the “our product will save the world” claims the marketing people want to make, and selling an inert paperweight. Carefully pick whatever the least is that can accomplish your sales goals. Less can definitely be more. Further, many companies not traditionally in the healthcare space confuse “common” with “low” risk. Diabetes is quite common these days, but not low risk. Similarly, claims of real time monitoring of patients with serious conditions are not low risk. Learn the difference.
4. Pursue a generic intended use. You don’t always have to tell people exactly how to use something. I can make and sell test tubes without regulatory oversight so long as I’m just making a glass tube and the claims I make relate, for example, to the quality of the glass and its cleanliness. I can make a network router that is just a router. Where I tend to get put in the regulatory soup is when I start to make specific medical claims that, for example, my router is especially good because of its design for some specific medical application. For the generic intended use strategy to be legitimate, there have to be legitimate nonmedical uses, which for test tubes and routers is not a problem. Please remember, though, how broad the concept of intended use is, in that it encompasses, for example, (1) the words I use to describe the product, (2) any special design features I might add that have only medical uses, as well as (3) uniquely medical channels of distribution I choose to pursue.
5. Take a more nuanced approach. It’s not all in or all out. There are many different roles the company can play in the industry. Companies can avoid many of the regulatory obligations by limiting their role to serving as a contract manufacturer. Or a design firm can collaborate with the manufacturer without taking on all of the regulatory obligations. Or you can just be a distributor of someone else’s willing to be the manufacturer. There are lots of roles to play, they aren’t all equally risky. I explained that in excruciating detail in a prior post.
6. Manage your supply chain well. The most successful folks I know in the medical device industry would put this at the top of their list, as a matter of general business practice. It makes my list with regard to ensuring regulatory compliance for several specific reasons. Companies should get accustomed to using supplier contracting to share the burdens of regulatory compliance—asking their suppliers to shoulder some of the obligations. At a minimum, contracts should specify the regulatory obligations rather than leave the issues unaddressed. Warranties are important, and there is even a so-called “pure food and drug warranty” in the FDA regulations which if you use that wording you can shift regulatory risk upstream. There also are whole tasks that can be outsourced, notably the clinical research function to a Clinical Research Organization. This is a little bit controversial in the device area; there’s an express provision on the drug side of FDA that allows this but not so on the device side. Even so, using a CRO typically can help reduce the risk. Keep reading>>